<?php

class Application_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
            private $_controller = array(
                'controller'=>'error',
                'action'=>'denied'
            );
            public function __construct() 
            {
                //check role of user
                $auth = Zend_Auth::getInstance();
               $role = ($auth->hasIdentity() && !empty($auth->getIdentity()->role))? $auth->getIdentity()->role : 'guest';
               $acl = new Zend_Acl();
               //roles
               $acl->addRole(new Zend_Acl_Role('guest'))
                          ->addRole(new Zend_Acl_Role('user'), 'guest')
                          ->addRole(new Zend_Acl_Role('admin'));
                //resourses
               $acl->add(new Zend_Acl_Resource('index', 'index'));
               //permissions
               $acl->Allow();
               
               //guest permission
               $acl->allow('guest', 'index');
               Zend_Registry::set('acl', $acl);
               
               
           
                
            }
            
                public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
		$auth = Zend_Auth::getInstance();
		$acl = Zend_Registry::get('acl');
		
		if ($auth->hasIdentity()) {
			$role = $auth->getIdentity()->role;
		} else {
			$role = 'guest';
		}
		
		if (!$acl->hasRole($role)) {
			$role = 'guest';
		}
		
		$controller = $request->controller;
		$action = $request->action;
		
		if (!$acl->has($controller)) {
			$controller = null;
		}
		
		if (!$acl->isAllowed($role, $controller, $action)) {
			$request->setControllerName($this->_controller['controller']);
			$request->setActionName($this->_controller['action']);
		}
	}
    
}



?>